Physical-layer authentication is a popular alternative to conventional key-based authentication for Internet of Things (IoT) devices because of their limited computational capacity and battery power. However, this approach suffers from poor robustness under channel fluctuations, reconciliation overhead, and the lack of a clear safeguard distance to ensure the secrecy of the generated authentication keys. To address these limitations, we propose a novel, secure, and lightweight continuous authentication scheme for IoT devices. Our scheme uses the inherent properties of the IoT devices' transmission model as its source for seed generation and device authentication. Specifically, it provides continuous authentication by checking the access time slots and spreading sequences of the IoT devices instead of repeatedly generating and verifying shared keys. As a result, access to a coherent key is not required, which conceals the seed information from attackers. Our proposed authentication scheme demonstrates improved performance compared to benchmark schemes that rely on the physical channel. Our empirical results show a near threefold decrease in the misdetection rate of illegitimate devices and a close-to-zero false alarm rate across various system settings, with the number of active devices varied up to 200 and the signal-to-noise ratio varied from 0 dB to 30 dB. In our studies, the proposed scheme also has lower computational complexity, reducing the computational cost by at least half relative to the benchmark schemes based on support vector machines and binary hypothesis testing. This further corroborates the practicality of our scheme for IoT deployments.